1220529 – (CVE-2021-46961) VUL-0: CVE-2021-46961: kernel-source,kernel-source-azure,kernel-source-rt: irqchip/gic-v3: Do not enable irqs when handling spurious interrups

Bug 1220529 (CVE-2021-46961) - VUL-0: CVE-2021-46961: kernel-source,kernel-source-azure,kernel-source-rt: irqchip/gic-v3: Do not enable irqs when handling spurious interrups

Summary: VUL-0: CVE-2021-46961: kernel-source,kernel-source-azure,kernel-source-rt: ir...

Status:	RESOLVED FIXED

Alias:	CVE-2021-46961

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/395367/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-46961:5.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-02-28 09:23 UTC by SMASH SMASH
Modified:	2024-07-03 13:31 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-02-28 09:23:02 UTC

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3: Do not enable irqs when handling spurious interrups

We triggered the following error while running our 4.19 kernel
with the pseudo-NMI patches backported to it:

[   14.816231] ------------[ cut here ]------------
[   14.816231] kernel BUG at irq.c:99!
[   14.816232] Internal error: Oops - BUG: 0 [#1] SMP
[   14.816232] Process swapper/0 (pid: 0, stack limit = 0x(____ptrval____))
[   14.816233] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G           O      4.19.95.aarch64 #14
[   14.816233] Hardware name: evb (DT)
[   14.816234] pstate: 80400085 (Nzcv daIf +PAN -UAO)
[   14.816234] pc : asm_nmi_enter+0x94/0x98
[   14.816235] lr : asm_nmi_enter+0x18/0x98
[   14.816235] sp : ffff000008003c50
[   14.816235] pmr_save: 00000070
[   14.816237] x29: ffff000008003c50 x28: ffff0000095f56c0
[   14.816238] x27: 0000000000000000 x26: ffff000008004000
[   14.816239] x25: 00000000015e0000 x24: ffff8008fb916000
[   14.816240] x23: 0000000020400005 x22: ffff0000080817cc
[   14.816241] x21: ffff000008003da0 x20: 0000000000000060
[   14.816242] x19: 00000000000003ff x18: ffffffffffffffff
[   14.816243] x17: 0000000000000008 x16: 003d090000000000
[   14.816244] x15: ffff0000095ea6c8 x14: ffff8008fff5ab40
[   14.816244] x13: ffff8008fff58b9d x12: 0000000000000000
[   14.816245] x11: ffff000008c8a200 x10: 000000008e31fca5
[   14.816246] x9 : ffff000008c8a208 x8 : 000000000000000f
[   14.816247] x7 : 0000000000000004 x6 : ffff8008fff58b9e
[   14.816248] x5 : 0000000000000000 x4 : 0000000080000000
[   14.816249] x3 : 0000000000000000 x2 : 0000000080000000
[   14.816250] x1 : 0000000000120000 x0 : ffff0000095f56c0
[   14.816251] Call trace:
[   14.816251]  asm_nmi_enter+0x94/0x98
[   14.816251]  el1_irq+0x8c/0x180                    (IRQ C)
[   14.816252]  gic_handle_irq+0xbc/0x2e4
[   14.816252]  el1_irq+0xcc/0x180                    (IRQ B)
[   14.816253]  arch_timer_handler_virt+0x38/0x58
[   14.816253]  handle_percpu_devid_irq+0x90/0x240
[   14.816253]  generic_handle_irq+0x34/0x50
[   14.816254]  __handle_domain_irq+0x68/0xc0
[   14.816254]  gic_handle_irq+0xf8/0x2e4
[   14.816255]  el1_irq+0xcc/0x180                    (IRQ A)
[   14.816255]  arch_cpu_idle+0x34/0x1c8
[   14.816255]  default_idle_call+0x24/0x44
[   14.816256]  do_idle+0x1d0/0x2c8
[   14.816256]  cpu_startup_entry+0x28/0x30
[   14.816256]  rest_init+0xb8/0xc8
[   14.816257]  start_kernel+0x4c8/0x4f4
[   14.816257] Code: 940587f1 d5384100 b9401001 36a7fd01 (d4210000)
[   14.816258] Modules linked in: start_dp(O) smeth(O)
[   15.103092] ---[ end trace 701753956cb14aa8 ]---
[   15.103093] Kernel panic - not syncing: Fatal exception in interrupt
[   15.103099] SMP: stopping secondary CPUs
[   15.103100] Kernel Offset: disabled
[   15.103100] CPU features: 0x36,a2400218
[   15.103100] Memory Limit: none

which is cause by a 'BUG_ON(in_nmi())' in nmi_enter().

From the call trace, we can find three interrupts (noted A, B, C above):
interrupt (A) is preempted by (B), which is further interrupted by (C).

Subsequent investigations show that (B) results in nmi_enter() being
called, but that it actually is a spurious interrupt. Furthermore,
interrupts are reenabled in the context of (B), and (C) fires with
NMI priority. We end-up with a nested NMI situation, something
we definitely do not want to (and cannot) handle.

The bug here is that spurious interrupts should never result in any
state change, and we should just return to the interrupted context.
Moving the handling of spurious interrupts as early as possible in
the GICv3 handler fixes this issue.

[maz: rewrote commit message, corrected Fixes: tag]

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46961
https://www.cve.org/CVERecord?id=CVE-2021-46961
https://git.kernel.org/stable/c/3f72d3709f53af72835af7dc8b15ba61611a0e36
https://git.kernel.org/stable/c/7be4db5c2b59fa77071c93ca4329876fb9777202
https://git.kernel.org/stable/c/a97709f563a078e259bf0861cd259aa60332890a
https://git.kernel.org/stable/c/e7ea8e46e3b777be26aa855fe07778c415f24926
https://git.kernel.org/stable/c/ea817ac1014c04f47885532b55f5d0898deadfba

Comment 1 Thomas Leroy 2024-02-28 09:26:56 UTC

cve/linux-5.3 still misses the fix.

Following are already fixed:
- SLE15-SP6                                                                                                                                                                             - cve/linux-5.14                                                                                                                                                                        
- stable

Comment 3 Ivan Ivanov 2024-03-07 13:40:45 UTC

Pull request to cve/linux-5.3 sent out.

Comment 4 Ivan Ivanov 2024-03-14 16:40:55 UTC

Fix merged into cve/linux-5.3. Back to security team.

Comment 12 Maintenance Automation 2024-04-26 16:30:09 UTC

SUSE-SU-2024:1454-1: An update that solves 114 vulnerabilities, contains one feature and has four security fixes can now be installed.

Category: security (important)
Bug References: 1186060, 1192145, 1194516, 1208995, 1209635, 1209657, 1212514, 1213456, 1217987, 1217988, 1217989, 1218336, 1218447, 1218479, 1218562, 1219170, 1219264, 1220320, 1220340, 1220366, 1220411, 1220413, 1220442, 1220445, 1220468, 1220484, 1220521, 1220528, 1220529, 1220532, 1220536, 1220554, 1220556, 1220560, 1220561, 1220566, 1220575, 1220580, 1220583, 1220611, 1220615, 1220625, 1220631, 1220638, 1220640, 1220641, 1220662, 1220669, 1220687, 1220692, 1220697, 1220703, 1220706, 1220739, 1220743, 1220745, 1220749, 1220751, 1220764, 1220768, 1220769, 1220777, 1220779, 1220785, 1220790, 1220794, 1220826, 1220829, 1220836, 1220846, 1220850, 1220861, 1220871, 1220883, 1220946, 1220969, 1221044, 1221058, 1221061, 1221077, 1221088, 1221293, 1221532, 1221534, 1221541, 1221548, 1221575, 1221605, 1221606, 1221608, 1221830, 1221934, 1221935, 1221949, 1221952, 1221965, 1221966, 1221969, 1221989, 1221991, 1221992, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222004, 1222117, 1222422, 1222585, 1222619, 1222660, 1222664, 1222669, 1222706
CVE References: CVE-2020-36780, CVE-2020-36782, CVE-2020-36783, CVE-2021-23134, CVE-2021-46909, CVE-2021-46921, CVE-2021-46930, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46958, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46981, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47006, CVE-2021-47013, CVE-2021-47015, CVE-2021-47020, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47061, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47069, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47153, CVE-2021-47161, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-0487, CVE-2022-4744, CVE-2022-48626, CVE-2023-0160, CVE-2023-1192, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52500, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:33232](https://smelt.suse.de/incident/33232/)
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src):
 kernel-livepatch-SLE15-SP2_Update_47-1-150200.5.3.3
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 kernel-syms-5.3.18-150200.24.188.1, kernel-source-5.3.18-150200.24.188.1, kernel-default-base-5.3.18-150200.24.188.1.150200.9.95.3, kernel-obs-build-5.3.18-150200.24.188.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 kernel-syms-5.3.18-150200.24.188.1, kernel-source-5.3.18-150200.24.188.1, kernel-default-base-5.3.18-150200.24.188.1.150200.9.95.3, kernel-obs-build-5.3.18-150200.24.188.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 kernel-syms-5.3.18-150200.24.188.1, kernel-source-5.3.18-150200.24.188.1, kernel-default-base-5.3.18-150200.24.188.1.150200.9.95.3, kernel-obs-build-5.3.18-150200.24.188.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Maintenance Automation 2024-04-29 16:30:44 UTC

SUSE-SU-2024:1465-1: An update that solves 145 vulnerabilities, contains five features and has five security fixes can now be installed.

Category: security (important)
Bug References: 1192145, 1209657, 1218336, 1218447, 1218479, 1218562, 1219170, 1219264, 1220320, 1220340, 1220366, 1220400, 1220411, 1220413, 1220414, 1220425, 1220426, 1220429, 1220432, 1220442, 1220445, 1220465, 1220468, 1220475, 1220484, 1220486, 1220487, 1220516, 1220521, 1220528, 1220529, 1220532, 1220536, 1220554, 1220556, 1220557, 1220560, 1220561, 1220566, 1220575, 1220580, 1220583, 1220611, 1220615, 1220621, 1220625, 1220630, 1220631, 1220638, 1220639, 1220640, 1220662, 1220663, 1220669, 1220670, 1220677, 1220678, 1220685, 1220687, 1220688, 1220692, 1220697, 1220703, 1220706, 1220733, 1220734, 1220739, 1220743, 1220749, 1220751, 1220753, 1220758, 1220759, 1220764, 1220768, 1220769, 1220777, 1220779, 1220785, 1220790, 1220794, 1220824, 1220829, 1220836, 1220846, 1220850, 1220861, 1220871, 1220883, 1220946, 1220954, 1220969, 1220979, 1220982, 1220985, 1220987, 1221015, 1221044, 1221058, 1221061, 1221077, 1221088, 1221276, 1221293, 1221532, 1221534, 1221541, 1221548, 1221552, 1221575, 1221605, 1221606, 1221608, 1221830, 1221931, 1221932, 1221934, 1221935, 1221949, 1221952, 1221965, 1221966, 1221969, 1221973, 1221974, 1221978, 1221989, 1221990, 1221991, 1221992, 1221993, 1221994, 1221996, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222003, 1222004, 1222117, 1222422, 1222585, 1222619, 1222660, 1222664, 1222669, 1222706, 1222878
CVE References: CVE-2020-36780, CVE-2020-36781, CVE-2020-36782, CVE-2020-36783, CVE-2021-46908, CVE-2021-46909, CVE-2021-46911, CVE-2021-46914, CVE-2021-46917, CVE-2021-46918, CVE-2021-46919, CVE-2021-46920, CVE-2021-46921, CVE-2021-46922, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46956, CVE-2021-46958, CVE-2021-46959, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46976, CVE-2021-46980, CVE-2021-46981, CVE-2021-46983, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47001, CVE-2021-47003, CVE-2021-47006, CVE-2021-47009, CVE-2021-47014, CVE-2021-47015, CVE-2021-47017, CVE-2021-47020, CVE-2021-47026, CVE-2021-47034, CVE-2021-47035, CVE-2021-47038, CVE-2021-47044, CVE-2021-47045, CVE-2021-47046, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47087, CVE-2021-47095, CVE-2021-47097, CVE-2021-47100, CVE-2021-47101, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47130, CVE-2021-47136, CVE-2021-47137, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47150, CVE-2021-47153, CVE-2021-47160, CVE-2021-47161, CVE-2021-47164, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47174, CVE-2021-47175, CVE-2021-47176, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2021-47202, CVE-2022-48626, CVE-2023-0160, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52492, CVE-2023-52500, CVE-2023-52508, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6531, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733
Jira References: PED-5759, SLE-13706, SLE-15131, SLE-15172, SLE-15176
Maintenance Incident: [SUSE:Maintenance:33363](https://smelt.suse.de/incident/33363/)
Sources used:
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-source-rt-5.3.18-150300.166.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-source-rt-5.3.18-150300.166.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-source-rt-5.3.18-150300.166.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Maintenance Automation 2024-05-03 08:31:05 UTC

SUSE-SU-2024:1489-1: An update that solves 157 vulnerabilities, contains five features and has four security fixes can now be installed.

Category: security (important)
Bug References: 1184942, 1186060, 1192145, 1194516, 1208995, 1209635, 1209657, 1212514, 1213456, 1217987, 1217988, 1217989, 1218336, 1218447, 1218479, 1218562, 1219170, 1219264, 1220320, 1220340, 1220366, 1220400, 1220411, 1220413, 1220414, 1220425, 1220426, 1220429, 1220432, 1220442, 1220445, 1220465, 1220468, 1220475, 1220484, 1220486, 1220487, 1220516, 1220521, 1220528, 1220529, 1220532, 1220554, 1220556, 1220557, 1220560, 1220561, 1220566, 1220575, 1220580, 1220583, 1220611, 1220615, 1220621, 1220625, 1220630, 1220631, 1220638, 1220639, 1220640, 1220641, 1220662, 1220663, 1220669, 1220670, 1220677, 1220678, 1220685, 1220687, 1220688, 1220692, 1220697, 1220703, 1220706, 1220733, 1220734, 1220739, 1220743, 1220745, 1220749, 1220751, 1220753, 1220758, 1220759, 1220764, 1220768, 1220769, 1220777, 1220779, 1220785, 1220790, 1220794, 1220824, 1220826, 1220829, 1220836, 1220846, 1220850, 1220861, 1220871, 1220883, 1220946, 1220954, 1220969, 1220979, 1220982, 1220985, 1220987, 1221015, 1221044, 1221058, 1221061, 1221077, 1221088, 1221276, 1221293, 1221532, 1221534, 1221541, 1221548, 1221552, 1221575, 1221605, 1221606, 1221608, 1221830, 1221931, 1221932, 1221934, 1221935, 1221949, 1221952, 1221965, 1221966, 1221969, 1221973, 1221974, 1221978, 1221989, 1221990, 1221991, 1221992, 1221993, 1221994, 1221996, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222003, 1222004, 1222117, 1222422, 1222585, 1222619, 1222660, 1222664, 1222669, 1222706
CVE References: CVE-2020-36780, CVE-2020-36781, CVE-2020-36782, CVE-2020-36783, CVE-2021-23134, CVE-2021-29155, CVE-2021-46908, CVE-2021-46909, CVE-2021-46911, CVE-2021-46914, CVE-2021-46917, CVE-2021-46918, CVE-2021-46919, CVE-2021-46920, CVE-2021-46921, CVE-2021-46922, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46956, CVE-2021-46958, CVE-2021-46959, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46976, CVE-2021-46980, CVE-2021-46981, CVE-2021-46983, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47001, CVE-2021-47003, CVE-2021-47006, CVE-2021-47009, CVE-2021-47013, CVE-2021-47014, CVE-2021-47015, CVE-2021-47017, CVE-2021-47020, CVE-2021-47026, CVE-2021-47034, CVE-2021-47035, CVE-2021-47038, CVE-2021-47044, CVE-2021-47045, CVE-2021-47046, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47061, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47069, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47087, CVE-2021-47095, CVE-2021-47097, CVE-2021-47100, CVE-2021-47101, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47130, CVE-2021-47136, CVE-2021-47137, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47150, CVE-2021-47153, CVE-2021-47160, CVE-2021-47161, CVE-2021-47164, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47174, CVE-2021-47175, CVE-2021-47176, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-0487, CVE-2022-4744, CVE-2022-48626, CVE-2023-0160, CVE-2023-1192, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52492, CVE-2023-52500, CVE-2023-52508, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733
Jira References: PED-5759, SLE-13706, SLE-15131, SLE-15172, SLE-15176
Maintenance Incident: [SUSE:Maintenance:33221](https://smelt.suse.de/incident/33221/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Enterprise Storage 7.1 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
openSUSE Leap 15.3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5, kernel-obs-build-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5, kernel-source-5.3.18-150300.59.158.1, kernel-obs-qa-5.3.18-150300.59.158.1
SUSE Linux Enterprise Live Patching 15-SP3 (src):
 kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Maintenance Automation 2024-05-03 08:37:35 UTC

SUSE-SU-2024:1489-1: An update that solves 157 vulnerabilities, contains five features and has four security fixes can now be installed.

Category: security (important)
Bug References: 1184942, 1186060, 1192145, 1194516, 1208995, 1209635, 1209657, 1212514, 1213456, 1217987, 1217988, 1217989, 1218336, 1218447, 1218479, 1218562, 1219170, 1219264, 1220320, 1220340, 1220366, 1220400, 1220411, 1220413, 1220414, 1220425, 1220426, 1220429, 1220432, 1220442, 1220445, 1220465, 1220468, 1220475, 1220484, 1220486, 1220487, 1220516, 1220521, 1220528, 1220529, 1220532, 1220554, 1220556, 1220557, 1220560, 1220561, 1220566, 1220575, 1220580, 1220583, 1220611, 1220615, 1220621, 1220625, 1220630, 1220631, 1220638, 1220639, 1220640, 1220641, 1220662, 1220663, 1220669, 1220670, 1220677, 1220678, 1220685, 1220687, 1220688, 1220692, 1220697, 1220703, 1220706, 1220733, 1220734, 1220739, 1220743, 1220745, 1220749, 1220751, 1220753, 1220758, 1220759, 1220764, 1220768, 1220769, 1220777, 1220779, 1220785, 1220790, 1220794, 1220824, 1220826, 1220829, 1220836, 1220846, 1220850, 1220861, 1220871, 1220883, 1220946, 1220954, 1220969, 1220979, 1220982, 1220985, 1220987, 1221015, 1221044, 1221058, 1221061, 1221077, 1221088, 1221276, 1221293, 1221532, 1221534, 1221541, 1221548, 1221552, 1221575, 1221605, 1221606, 1221608, 1221830, 1221931, 1221932, 1221934, 1221935, 1221949, 1221952, 1221965, 1221966, 1221969, 1221973, 1221974, 1221978, 1221989, 1221990, 1221991, 1221992, 1221993, 1221994, 1221996, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222003, 1222004, 1222117, 1222422, 1222585, 1222619, 1222660, 1222664, 1222669, 1222706
CVE References: CVE-2020-36780, CVE-2020-36781, CVE-2020-36782, CVE-2020-36783, CVE-2021-23134, CVE-2021-29155, CVE-2021-46908, CVE-2021-46909, CVE-2021-46911, CVE-2021-46914, CVE-2021-46917, CVE-2021-46918, CVE-2021-46919, CVE-2021-46920, CVE-2021-46921, CVE-2021-46922, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46956, CVE-2021-46958, CVE-2021-46959, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46976, CVE-2021-46980, CVE-2021-46981, CVE-2021-46983, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47001, CVE-2021-47003, CVE-2021-47006, CVE-2021-47009, CVE-2021-47013, CVE-2021-47014, CVE-2021-47015, CVE-2021-47017, CVE-2021-47020, CVE-2021-47026, CVE-2021-47034, CVE-2021-47035, CVE-2021-47038, CVE-2021-47044, CVE-2021-47045, CVE-2021-47046, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47061, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47069, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47087, CVE-2021-47095, CVE-2021-47097, CVE-2021-47100, CVE-2021-47101, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47130, CVE-2021-47136, CVE-2021-47137, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47150, CVE-2021-47153, CVE-2021-47160, CVE-2021-47161, CVE-2021-47164, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47174, CVE-2021-47175, CVE-2021-47176, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-0487, CVE-2022-4744, CVE-2022-48626, CVE-2023-0160, CVE-2023-1192, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52492, CVE-2023-52500, CVE-2023-52508, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733
Jira References: PED-5759, SLE-13706, SLE-15131, SLE-15172, SLE-15176
Maintenance Incident: [SUSE:Maintenance:33221](https://smelt.suse.de/incident/33221/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Enterprise Storage 7.1 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
openSUSE Leap 15.3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5, kernel-obs-build-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5, kernel-source-5.3.18-150300.59.158.1, kernel-obs-qa-5.3.18-150300.59.158.1
SUSE Linux Enterprise Live Patching 15-SP3 (src):
 kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Andrea Mattiazzo 2024-07-03 13:31:39 UTC

All done, closing.